Preferred Analysis for Documents or Executables
A single virtual machine (VM) image runs on the WildFire appliance; when you upgrade the WildFire appliance software, you can choose for the WildFire appliance to use the VM image that best reflects your network environment. Each available VM image represents a single operating system and supports several different analysis environments based on that operating system.

You can now dedicate all analysis environments to support certain file types: either documents (Microsoft Office files and PDFs) or portable executables (PEs). This feature is helpful if you are using the WildFire appliance to analyze specific file types; for example, if you've deployed a WildFire hybrid cloud to analyze documents locally and PEs in the WildFire global cloud. In this case, you could dedicate all analysis environments to documents.

Previously, analysis environments were statically allocated and the resources available for document and executable analysis were evenly divided; you could not adjust the allocation of analysis resources even when the WildFire appliance was configured to analyze only one type of file.
- Confirm that the firewall is configured to forward only the file type to which you want to dedicate WildFire analysis environments.
  - In the firewall web interface, select Objects > Security Profiles > WildFire Analysis.
  - Confirm that the WildFire Analysis profile set to forward files to the WildFire private cloud for analysis is configured to forward documents or executables.
  - Select Policies > Security and confirm that the WildFire Analysis profile is attached to a security policy rule. Traffic the rule allows is forwarded to the WildFire appliance for private cloud analysis based on the WildFire Analysis profile settings.
- Allocate WildFire appliance resources to analyze either documents or executables. Use the following CLI command:
  admin@WF-500# set deviceconfig setting wildfire preferred-analysis-environment documents | executables | default
  and choose one of the following options:
  - documents: Dedicate analysis resources to concurrently analyze 25 documents, 1 PE, and 2 email links.
  - executables: Dedicate analysis resources to concurrently analyze 25 PEs, 1 document, and 2 email links.
  - default: The appliance concurrently analyzes 16 documents, 10 portable executables (PE), and 2 email links.
- Confirm that all WildFire appliance processes are running.
  admin@WF-500> show system software status